NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
R6400 subnetting
My goal is to create two subnets: 192.168.1.x and 192.168.2.x, both with internet access. A server on the .1 subnet would have access to all devices on both subnets but any device on the .2 subnet should not be able to access any devices on the .1 subnet. Is this possible with an R6400? Do I need two of them?
> [...] Is this possible with an R6400? Do I need two of them?
I'd want to test it before I trusted any of the following, but I
believe that you could do it with two routers. An R6400 could serve as
the Internet gateway (call it RouterA), with its LAN subnet, call it
"LAN(2)", being 192.168.2.*.
A second router (RouterB) with one (WAN) port connected to LAN(2)
could provide LAN(1), 192.168.1.*.
Devices on LAN(2) could reach the outside world normally, but, unless
a specific route were added on RouterA (or on a LAN(2) client) for
LAN(1), devices on LAN(2) would not know how to reach LAN(1). I don't
see any ADVANCED > Security options which would do better than that for
the desired isolation.
RouterB could be another R6400 (or similar).
Depending on what the demands are for LAN(1), something less capable
might be able to do the RouterB job, too. For example, if there were no
wireless clients on LAN(1), and static addresses were used for the
clients there, then a second Ethernet interface (probably leading to an
Ethernet switch) on "A server" might be enough. Presumably, one could
find a DHCP server which would run on "A server", which would eliminate
the need for static addresses there, too. If you need wireless on
LAN(1), then some kind of wireless router would be needed as RouterB.
In any case, the general scheme would look like:
Internet --- WAN:RouterA:LAN(2).1 --- WAN:RouterB:LAN(1)
Where RouterB might be "A server" rather than another R6400.
2 Replies
> [...] Is this possible with an R6400? Do I need two of them?
I'd want to test it before I trusted any of the following, but I
believe that you could do it with two routers. An R6400 could serve as
the Internet gateway (call it RouterA), with its LAN subnet, call it
"LAN(2)", being 192.168.2.*.
A second router (RouterB) with one (WAN) port connected to LAN(2)
could provide LAN(1), 192.168.1.*.
Devices on LAN(2) could reach the outside world normally, but, unless
a specific route were added on RouterA (or on a LAN(2) client) for
LAN(1), devices on LAN(2) would not know how to reach LAN(1). I don't
see any ADVANCED > Security options which would do better than that for
the desired isolation.
RouterB could be another R6400 (or similar).
Depending on what the demands are for LAN(1), something less capable
might be able to do the RouterB job, too. For example, if there were no
wireless clients on LAN(1), and static addresses were used for the
clients there, then a second Ethernet interface (probably leading to an
Ethernet switch) on "A server" might be enough. Presumably, one could
find a DHCP server which would run on "A server", which would eliminate
the need for static addresses there, too. If you need wireless on
LAN(1), then some kind of wireless router would be needed as RouterB.
In any case, the general scheme would look like:
Internet --- WAN:RouterA:LAN(2).1 --- WAN:RouterB:LAN(1)
Where RouterB might be "A server" rather than another R6400.Thanks much for the thoughts. I'll mess with it some and see if it works.